Security Bug in Legacy Unix HP-UX

A security bug has been discovered in Hewlett Packard's HP-UX Unix version; there are no plans to remove it.

Security researchers iDefense disclosed that attackers can exploit a buffer overflow bug in the "ldcconn" module to execute arbitrary code. The module is part of the "HP Controller for Cisco Local Director" configuration tool and runs on TCP port 17781 via "inetd". An attacker can provoke a buffer overflow by sending an overly long command string to this port.

The bug affects HP-UX Version 11.x systems sold after the year 2000. According to HP there are no plans to remove the bug as the HP controller is no longer maintained. Administrators are advised to use other configuration tools or migrate to a more recent system.

Spanish security researchers have discovered several vulnerabilities in the "Firewall-1" security solution by software vendor Checkpoint, and are now questioning its Common Criteria EAL4+ certification.